public CefEvent Convert(AzureEventBase evt) { var cef = new CefEvent() { Timestamp = evt.time, Host = evt.resourceName, // Device Vendor - need to check difference between Microsoft and 3rd party events DeviceVendor = "Microsoft", DeviceProduct = evt.providerName, DeviceVersion = "1", DeviceEventClassID = evt.eventType, Name = evt.shortDescription, Severity = MapSeverity(evt.level) }; // TODO - set custom properties cef.CustomProperties.act = evt.operationName; cef.CustomProperties.destinationServiceName = evt.providerName; //cef.CustomProperties.destinationDnsDomain = cef.CustomProperties.deviceExternalId = evt.resourceId; cef.CustomProperties.duser = "******"; // TODO - put the real time on here //cef.CustomProperties.end = "TODO"; cef.CustomProperties.src = evt.callerIpAddress; //cef.CustomProperties.act return(cef); }
public string CefEventToCefRecord(CefEvent evt) { var sb = new System.Text.StringBuilder(); sb.AppendFormat("{0} {1} {2}|{3}|{4}|{5}|{6}|{7}|{8}|", evt.Timestamp.ToString(_formatString), evt.Host, evt.CefVersion, EscapeValue(evt.DeviceVendor), EscapeValue(evt.DeviceProduct), EscapeValue(evt.DeviceVersion), EscapeValue(evt.DeviceEventClassID), EscapeValue(evt.Name), EscapeValue(evt.Severity) ); CefTransformerCustom.FillCustomProperties(evt.CustomProperties, sb); return(sb.ToString()); }